Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aNCXr9iK7z8QKC8yGPwT8BoN5IY.cer
File:                     aNCXr9iK7z8QKC8yGPwT8BoN5IY.cer (raw, json)
Hash identifier:          BDM88rALlKFEKkY8BYvO/dg7LiXa2LEYMQL/sj+x8SA=
Subject key identifier:   68:D0:97:AF:D8:8A:EF:3F:10:28:2F:32:18:FC:13:F0:1A:0D:E4:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D1CC5E03F72F78D0C6DE1D35A32C92C94
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/7c11b819-d459-4136-9987-f0292a87e640/0/68D097AFD88AEF3F10282F3218FC13F01A0DE486.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/7c11b819-d459-4136-9987-f0292a87e640/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Thu 18 Jan 2024 13:32:26 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.206.253.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:c5:e0:3f:72:f7:8d:0c:6d:e1:d3:5a:32:c9:2c:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 18 13:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68d097afd88aef3f10282f3218fc13f01a0de486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:99:31:c1:68:a8:22:11:8b:d4:08:44:8f:89:
                    64:1d:38:a8:04:ec:84:9a:c9:30:18:34:61:98:d8:
                    6c:31:c2:8c:72:ee:fb:74:4f:33:c2:ab:b2:0a:69:
                    95:14:50:fe:7e:9a:c9:1c:e7:33:b3:bd:19:73:4a:
                    84:f5:e2:c9:7d:26:7b:f2:e9:73:8a:bf:be:69:a8:
                    e5:39:94:54:73:3f:d2:ce:1f:16:b6:44:69:4b:35:
                    30:ba:ef:c4:29:3e:b1:7b:7a:ae:ed:98:99:11:fc:
                    d3:47:48:e4:35:8e:0e:e7:67:d1:4e:80:d2:af:6e:
                    82:65:a0:52:3d:19:05:70:c5:57:07:fa:b9:cc:fe:
                    65:79:94:26:2b:bd:fb:1a:96:01:8d:e5:b2:4b:77:
                    21:25:a9:84:82:77:65:54:6d:2a:7c:85:fc:02:e7:
                    14:a3:8b:7e:cd:52:a0:4b:6e:ba:7b:f8:6c:30:78:
                    b8:3f:9f:22:39:77:8d:d6:48:7f:e7:c0:4c:d1:a0:
                    eb:a9:61:b3:85:fb:87:ff:9f:41:f5:ca:75:be:7a:
                    f2:94:ac:17:c3:1c:b6:48:fa:cb:0c:f7:e7:37:49:
                    34:71:d0:d6:8e:bd:da:61:bb:fb:16:9c:ce:22:5d:
                    30:7c:fb:1e:c7:b7:f8:14:78:f4:d4:ec:0d:d2:a6:
                    3f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D0:97:AF:D8:8A:EF:3F:10:28:2F:32:18:FC:13:F0:1A:0D:E4:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/7c11b819-d459-4136-9987-f0292a87e640/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/7c11b819-d459-4136-9987-f0292a87e640/0/68D097AFD88AEF3F10282F3218FC13F01A0DE486.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:c4:b4:ab:5c:53:eb:39:ed:1b:fa:b9:95:bc:f3:3b:95:82:
         a3:07:48:b2:a5:26:cd:63:95:c6:c0:be:c0:e3:b9:e4:e4:38:
         88:17:1b:6f:91:a9:dd:ea:e9:e1:c8:20:20:d5:de:14:8b:30:
         ae:b5:81:d6:b4:32:06:90:94:2d:33:fa:70:0a:d7:d5:15:46:
         5e:4c:bb:67:8f:88:b1:08:af:1b:f3:5e:8c:ea:17:3a:cd:19:
         f4:ce:52:d0:c0:8a:97:06:e3:c0:f0:54:f0:aa:9a:67:7d:ec:
         8f:88:cc:fe:ee:76:fa:fc:ab:e6:ef:b0:73:15:a3:da:39:74:
         23:ee:52:f5:73:1f:9f:9f:4a:40:5e:e1:45:d9:24:e3:9f:66:
         a1:62:e7:df:b2:37:16:7c:8e:a7:f7:3c:56:f5:a5:2d:6b:91:
         e1:28:6b:25:57:6d:f0:3d:94:27:df:aa:3e:8f:17:e0:53:0a:
         21:61:10:cd:3a:3a:5f:a7:ee:45:bd:83:51:a6:f5:27:0c:90:
         7f:84:9d:83:1b:69:82:38:97:f5:59:ee:d6:76:43:1a:c0:09:
         2e:24:36:b8:5d:84:4e:9f:39:1a:31:5a:ca:cd:53:f9:4f:6b:
         3f:3e:7b:3f:26:02:6f:ac:4c:75:83:68:44:a9:c5:bc:64:58:
         53:9f:19:5b
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY0cxeA/cveNDG3h01oyySyUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTE4MTMzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQwOTdhZmQ4OGFlZjNmMTAyODJmMzIxOGZjMTNmMDFhMGRlNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopkxwWioIhGL1AhEj4lkHTioBOyE
mskwGDRhmNhsMcKMcu77dE8zwquyCmmVFFD+fprJHOczs70Zc0qE9eLJfSZ78ulz
ir++aajlOZRUcz/Szh8WtkRpSzUwuu/EKT6xe3qu7ZiZEfzTR0jkNY4O52fRToDS
r26CZaBSPRkFcMVXB/q5zP5leZQmK737GpYBjeWyS3chJamEgndlVG0qfIX8AucU
o4t+zVKgS266e/hsMHi4P58iOXeN1kh/58BM0aDrqWGzhfuH/59B9cp1vnrylKwX
wxy2SPrLDPfnN0k0cdDWjr3aYbv7FpzOIl0wfPsex7f4FHj01OwN0qY/ywIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGjQl6/Yiu8/ECgvMhj8E/AaDeSGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdjMTFi
ODE5LWQ0NTktNDEzNi05OTg3LWYwMjkyYTg3ZTY0MC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2Mx
MWI4MTktZDQ1OS00MTM2LTk5ODctZjAyOTJhODdlNjQwLzAvNjhEMDk3QUZEODhB
RUYzRjEwMjgyRjMyMThGQzEzRjAxQTBERTQ4Ni5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
ALnO/TANBgkqhkiG9w0BAQsFAAOCAQEAksS0q1xT6zntG/q5lbzzO5WCowdIsqUm
zWOVxsC+wOO55OQ4iBcbb5Gp3erp4cggINXeFIswrrWB1rQyBpCULTP6cArX1RVG
Xky7Z4+IsQivG/NejOoXOs0Z9M5S0MCKlwbjwPBU8KqaZ33sj4jM/u52+vyr5u+w
cxWj2jl0I+5S9XMfn59KQF7hRdkk459moWLn37I3FnyOp/c8VvWlLWuR4ShrJVdt
8D2UJ9+qPo8X4FMKIWEQzTo6X6fuRb2DUab1JwyQf4SdgxtpgjiX9Vnu1nZDGsAJ
LiQ2uF2ETp85GjFays1T+U9rPz57PyYCb6xMdYNoRKnFvGRYU58ZWw==
-----END CERTIFICATE-----